Tag: #Vulnerability
PDM Vulnerability Allows Arbitrary Code Execution
A vulnerability in PDM (Python package manager) allows arbitrary code execution with the privileges of the user running `pdm` from an untrusted repository checkout.
Siemens KACO Blueplanet Inverters Contain Multiple Vulnerabilities
Multiple vulnerabilities in Siemens KACO Blueplanet Inverters could allow an attacker to derive credentials from the device's serial number and gain unauthorized access.
Understanding the Netty QUIC Token Handler Vulnerability
A vulnerability in Netty's default QUIC token handler allows an attacker to bypass anti-amplification limits, potentially leading to denial-of-service attacks. The issue arises from the token handler's improper validation of client-supplied tokens.
Netty SNI Handler Vulnerability Allows for Large Memory Allocation
A vulnerability in Netty's SNI handler allows for large memory allocation from a small amount of attacker-controlled data, potentially leading to a denial-of-service attack.
AppleScript/JXA Code Injection via Unescaped URL in macOS Chrome Plugin
A high-severity vulnerability (CVE-2026-47252) exists in the AnyQuery plugin, allowing an authenticated user to inject arbitrary AppleScript statements via an unescaped URL in the macOS Chrome plugin, leading to OS-level command execution.
CVE-2026-11448 Vulnerability Found in GL.iNet GL-MT3000
A command injection vulnerability has been identified in GL.iNet GL-MT3000 up to version 4.4.5, affecting the Minidlna Service component.
Samsung Assistant Vulnerability Allows Local Script Execution
A vulnerability in Samsung Assistant prior to version 9.3.14 allows local attackers to execute arbitrary scripts due to improper export of Android application components.
Understanding and Mitigating Unsafe Remote Filename Resolution in Docling Core
A vulnerability in Docling Core, tracked as CVE-2026-44023, allows for unsafe remote filename resolution, potentially leading to SSRF attacks. This issue affects versions >= 1.5.0 and < 2.74.1 of docling-core. The vulnerability has been patched in version 2.74.1.
Jupyter Enterprise Gateway Vulnerability Allows Root Access
A vulnerability in Jupyter Enterprise Gateway allows bypassing prohibited UID and GID checks, enabling the launch of kernels with root privileges.
Understanding Insecure Direct Object Reference (IDOR) Vulnerability in praisonai-platform
This blog post explains the IDOR vulnerability in praisonai-platform, specifically in the label endpoints, and how it allows an attacker to edit, delete, and link labels across workspaces.
WordPress Breeze Plugin Vulnerability Exposes Sensitive Information
The Breeze plugin for WordPress is vulnerable to Exposure of Sensitive Information to an Unauthorized Actor in all versions up to, and including, 2.5.2.
Veeam Backup & Replication Server Vulnerability
A vulnerability in Veeam Backup & Replication server allows an authenticated user with the Backup Administrator role to write arbitrary files on Linux-based systems.
stigmem-node's Postgres Schema Identifier Handling Vulnerability
stigmem-node's Postgres schema identifier handling did not defensively quote identifiers, leaving a potential SQL injection path. The vulnerability has been patched in version 0.9.0a2.
Understanding Remote Code Execution Vulnerability in amazon-redshift-python-driver
The amazon-redshift-python-driver, a Python connector for Amazon Redshift, has a remote code execution vulnerability via eval() injection in versions 2.1.13 and earlier. This vulnerability allows a rogue server or man-in-the-middle to execute arbitrary code on the client. The issue has been addressed in version 2.1.14.
Daemon Tools Lite Vulnerability Under Active Exploitation
A high-severity vulnerability in Daemon Tools Lite is being actively exploited, impacting confidentiality, integrity, and availability.